mirror of
https://git.zx2c4.com/wireguard-go
synced 2024-11-15 01:05:15 +01:00
uapi: windows: work out pipe semantics
Pipes can be arranged like this, so that's fine. We also apply a strict SDDL that can't be inherited and only gives access to local system. Developed-with: Odd Stranne <odd@mullvad.net>
This commit is contained in:
parent
368dea72fe
commit
5c7cc256e3
@ -48,9 +48,9 @@ func (l *UAPIListener) Addr() net.Addr {
|
|||||||
|
|
||||||
func UAPIListen(name string) (net.Listener, error) {
|
func UAPIListen(name string) (net.Listener, error) {
|
||||||
config := winio.PipeConfig{
|
config := winio.PipeConfig{
|
||||||
SecurityDescriptor: "", //TODO: we want this to be a very locked down pipe.
|
SecurityDescriptor: "O:SYD:P(A;;GA;;;SY)", /* Local System only, not inheritable */
|
||||||
}
|
}
|
||||||
listener, err := winio.ListenPipe("\\\\.\\pipe\\wireguard\\"+name, &config) //TODO: choose sane name.
|
listener, err := winio.ListenPipe("\\\\.\\pipe\\WireGuard\\"+name, &config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user